
Tuesday, May 31, 2005

Cyber Law media get your facts right please

I, Sarbajit Roy, get mightily pissed off when I read all these ill-informed news stories appended below. Although my HACKING COMPLAINT is the second complaint under sections 43 and 66 pending for adjudication with Secy. IT GNCTD Parkash Kumar at Delhi, on 2 May 2003 I was the first person to petition the Supreme Court of India on a matter under sections 43 and 66 of the IT Act 2000 because the Adjudicating Officers had not been notified. This post is just to set the record straight, since voluntary settlements of about Rs.3,000,00,00,000 (Three Thousand Crores) were made in that matter, which concerned mobile phones as computers and Denial of Service (DoS) - remember the famous slogan "Kabhi Mobile Kabhi Computer"!!

Antares Systems sues CommerceOne arm — AP Govt arraigned in IPR case

Our Bureau

Bangalore, July 25

CLOSE on the heels of filing the first lawsuit under Indian cyber law, Antares Systems Ltd, the Bangalore-based IT firm, has filed a case against an e-governance project in the Delhi High Court for alleged infringement of intellectual property rights (IPRs) and unfair competition. The case has been filed against C1 India Pvt Ltd, a subsidiary of Nasdaq-listed CommerceOne. The Government of Andhra Pradesh and Principal Secretary, Department of IT and Communications, AP have been arraigned as parties.

Antares has urged the Delhi HC that C1 India and the AP Government be restrained from infringing its copyright in its e-tendering software product Tenderwizard and from relying upon, in any manner whatsoever, the features of Tenderwizard, said the company's Senior Vice-President, Mr R. Kamath.

Further, Antares had also sought permanent injunction restraining the C1 India Pvt Ltd including AP Government from proceeding ahead with e-procurement initiative in question, as the matter was subjudice, Mr Kamath added.

Antares has alleged that the IPRs of Tenderwizard have been infringed by C1 India and other respondents. It has been alleged in the plaint that C1 India teamed up as a consortium with Antares, along with Microsoft and Compaq as other partners for joint bidding of the e-procurement initiative of Government of Andhra Pradesh and thereafter, copied and reverse engineered the e-tendering software of Antares and deployed the software in AP Government. The Delhi HC on July 21 has directed C1 India and AP Government to file their written statement within one week and further directed Antares to file its reply within one week thereafter. The matter has been adjourned to August 13 for arguments on injunction application.



First case under Indian cyberlaw filed

July 11, 2003 14:32 IST

A Bangalore-based company on Friday claimed to have filed the first-ever case for damages by way of compensation under the Indian cyberlaw.

Antares Systems Ltd, operating in the electronic tendering product space, said it has filed the case against C1 India Private Ltd and four others under sections 43 and 46 of the Information Technology Act, 2000.

Antares filed the case for damages against C1 India, the New Delhi-based subsidiary of Nasdaq-listed Commerce1, alleging violation of copyright and intellectual property rights.

The company is seeking damages of Rs 25 lakh (Rs 2.5 million), along with interest at the rate of 24 per cent per annum.

Antares' senior vice-president R Kamath told a news conference in Bangalore that his company has also charged the respondents with, among others, developing their own e-tendering solution by copying the essential features of the company's product, Tenderwizard.

According to Kamath, the case, filed on behalf of the company by Supreme Court advocate Pavan Duggal, who specialises in cyberlaw, was pending before Prakash Kumar, adjudicating officer under the Information Technology Act, 2000, and special secretary (IT), Delhi government.

Antares claimed that the respondents collaborated with the company to jointly bid as a consortium for the e-procurement initiative of the Andhra Pradesh government.

However, C1, the lead bidder, executed the agreement with the Andhra government for the deployment of the project without the knowledge of Antares and completely cut the company out of the venture, he alleged.

The project, valued at about Rs 8 crore (Rs 80 million), consisted of an e-procurement component and an e-tendering component, he said, adding that Antares' speciality was its electronic tendering product Tenderwizard.

Kamath claimed that Antares shared the user ID and password of Tenderwizard with C1 for online evaluation but the latter, after the successful bid, 'dumped' Antares.

C1 had earlier asked for and got access to the user identification, password and navigation details of Tenderwizard from Antares and this information was used by C1 to 'reverse engineer' its own e-tendering software, Suresh Kumar alleged.

Antares also accused C1 of having downloaded and/or copied as also extracted data and information from its computer system or network.

Complaints to the Andhra government in this regard did not elicit any response, he said.

It said the case came up for hearing on July 9 and as the counsel for the respondents sought time, the adjudicating officer adjourned it to August 13.



First case filed under cyberlaw

Our Bureau

New Delhi, July 11

A BANGALORE-BASED company has filed the first case for damages by way of compensation under Indian Cyberlaw ever since the Indian Information Technology Act came into effect in the year 2000.

The case has been filed by Antares Systems Ltd against C1 India Pvt Ltd and four others under Section 43 and 46 of the Information Technology Act, 2000.

The case has been filed and is pending before Mr Prakash Kumar, Adjudicating Officer under the IT Act, 2000 and Special Secretary (IT), Government of NCT of Delhi, according to Mr Pavan Duggal, the advocate specialising in Cyberlaw. Mr Duggal is representing Antares Systems in the case.

Antares Systems, which operates in the electronic tendering product space, has alleged that C1 India violated copyright and intellectual property rights and sought Rs 25 lakh as damages and an interest thereon at the rate of 24 per cent annually.

Antares also charged the respondents with developing an e-tendering solution by copying the essential features of its product, `Tender Wizard.'

The respondents collaborated with Antares to jointly bid as a consortium for the e-procurement initiative of the Andhra Pradesh Government, it is alleged. During the preparation period, the complainant, on the insistence of the respondents, had shared the user ID and password of Tender Wizard for the purpose of online evaluation of the same.

However, the respondents, after successfully bidding for the e-procurement initiative of Andhra Pradesh Government, dumped the Antares Systems, it is alleged.

The case will now come up for hearing on August 13, Mr Duggal said.


Maya Sharma

IT firm seeks damages from AP govt

Thursday, July 17, 2003 (Bangalore):

The first case for damages by way of compensation under Indian cyberlaw has been filed by a Bangalore-based software company.

Antares Systems claims that it was dumped by another firm with which it had formed a consortium to deal with the Andhra Pradesh government.

The background

Antares had developed a software called 'Tenderwizard' to help in the process of electronic tendering - and this has been successful in some Karnataka government departments.

When the Andhra Pradesh government was looking for such software, Antares joined a consortium formed by Commerce One India to bid jointly for the project.

"We had given all the information about our product. We also gave them the password and the user code to get into our website to learn more about our product. So we gave all this information with the intention of bidding for the project as one unit. Once it was awarded, we were not told about it. We felt we have been basically dumped once the project was awarded to them," alleged Suresh Kumar, CEO, Antares Systems Ltd.

Seeking answers

Antares has now filed a complaint under the Information Technology Act and is seeking compensation of Rs 25 lakh, the first time financial damages have been sought under this Act.

The case came up for hearing earlier this month in New Delhi and Commerce One India has been given time till July 31 to file a reply.

Antares is in the process of taking legal steps against all parties, including the government of Andhra Pradesh.


Antares files cyber law suit against C1

DH News Service BANGALORE, July 11

In what seems to be first case under Indian Cyber Law seeking compensation, a Bangalore-based software firm has claimed damages of Rs 25 lakh from C1 India, a subsidiary of US-based Commerce One, for alleged violation of its intellectual property rights.

Antares Systems, solutions provider for electronic tendering process, has charged C1 India with developing e-tendering solution by copying essential features of its product — Tenderwizard.

Briefing reporters, Antares CEO Suresh Kumar said C1, Microsoft, Compaq and his company had jointly bid for and won a Rs 8 crore contract last year to deliver e-procurement solution for Andhra Pradesh government.

Following this, Antares shared user ID, password and navigation details of Tenderwizard with C1 for online evaluation.

But after successfully bidding the project, C1 used details and features of Tenderwizard to develop its own e-tendering software by “reversing engineering”, he claimed.

Mr Suresh Kumar said C1 executed the agreement with AP government for deployment of the project without Antares' knowledge.

Dr R Kamath, Senior Vice President, Antares, said the case has been filed against C1 and its four officials under Sections 43 and 46 of the Information Technology Act, 2000.

The case, filed on behalf of the company by Supreme Court Advocate Pavan Duggal, a cyber law specialist, was pending before Mr Prakash Kumar, Adjudicating Officer under the IT Act, 2000.

The case, which came up for hearing on Wednesday before the adjudicating officer in Delhi, had been adjourned till August 13, he said.


Software crimes, easy getaways
Tuesday, 23 December , 2003, 08:27

Admit it. When was the last time you actually "bought" original software? Chances are the software you are working on at home or in office is pirated. But that's something we have learnt to ignore.

In fact, the National Association of Software and Service Companies (NASSCOM) survey in India claims that software piracy in India was 64 per cent in the financial year 2002-03 which amounts to a loss of Rs 1,500 crore the same year. NASSCOM is, however, working towards bringing the target down to 25 per cent by the year 2008. But its initiatives don't seem to be heading anywhere.

A recent example would be Dew Soft, an IT company that deals with online education. The management has alleged that two of its former employees - Om Prakash and Ram Pravesh - stole one of their educational software. The sad part is that the company is finding it difficult to lodge a complaint at the Prasad Nagar police station. "We went to the police in October but they are yet to register a complaint," says Rishi Sahdev, the company's MD.

He thinks the cops' ignorance about the impact of software piracy is a major reason why they haven't yet registered an FIR. "The police don't understand data theft," says he.

This, of course, is not the first instance of software piracy. The first reported case of software piracy was as late as June 2003 involving Antares Systems vs C1 India Pvt Ltd. For the record, the IT Act was passed in October 2000. "The reason is that the Government issued the notification for appointing adjudicating officers only this March. Only after that was a real forum for seeking damage created," says advocate Pavan Duggal, an expert in cyberlaws.

In another case, a US company got an Indian firm to develop an Indian version of one of their softwares. Two employees of the Indian company stole a copy of the source code, quit the company to join another one and then misused the source code. As per Duggal, the case was resolved after the source code was returned. "The company didn't get the two persons convicted fearing negative publicity," adds he.

Piracy of software is an easy task for any amateur programmer. All you need to do is copy the software on to blank CDs and develop either a crack or a key generator programme to register your copy of the software.

Only recently a Delhi-based company had received an order from an EU client for developing GIS (Geographic Information System) software. The local company gave the project to nine employees. After about 90 per cent of the software was completed, the nine employees started demanding a salary hike. The management asked them to turn in their resignations. They resigned alright but not without doing the damage. "During the period they deleted almost 90 per cent of the GIS software worth Rs 60 lakh. The company did not seek damages fearing they will not receive any order in future," says Duggal.

According to him, one can approach high courts for injunctions or seek damages under the IT Act. But companies usually avoid the legal hassle because some arbitrary powers have been provided to police superintendents.

"They can arrest anyone who, in their opinion, have committed, are committing or are going to commit a cyber crime. Moreover, they can do so without issuing a warrant," says Duggal.

"To add insult to the injury, section 84 of the IT Act provides absolute immunity to the police officials engaging in the search operation if they have done so in good faith," adds he.

Another reason is the amount of non-refundable processing fee the companies have to submit to the government. "Under the IT Act, for every one lakh of compensation, companies have to deposit Rs 2,000 to the government," informs Duggal.

Interestingly, for cases filed under the Copyright Act, 1957, the normal court fee structure is followed. Duggal says India needs designated software courts.


C1 refutes Antares claim; to sue for defamation

Fakir Chand in Bangalore | July 25, 2003 20:40 IST

C1 India Ltd, a subsidiary of the US-based Commerce 1, on Friday refuted the claims of Antares Systems Ltd, a Bangalore-based IT firm operating in the electronic tendering product space, that it had violated the latter's copyright and infringed upon its intellectual property rights.

In response to a questionnaire on the case filed by Antares against C1 and four others under sections 43 and 46 of the Information Technology Act, 2000, C1 president and chief operating officer Vivek Agarwal told rediff.com that the company was upset to notice that such frivolous allegations were made in spite of the matter being sub-judice.

"Antares is trying to publicise the case, and we shall file a defamation case against it. We are determined to fight this case, and we are sure that we will win," Agarwal asserted.

Antares filed the case against the New Delhi-based subsidiary of Nasdaq-listed Commerce1, seeking damages of Rs 25 lakh (Rs 2.5 million), along with interest at the rate of 24 per cent per annum.

The case, filed on behalf of the company by Supreme Court advocate Pavan Duggal, is pending before Prakash Kumar, adjudicating officer under the Information Technology Act, 2000, and special secretary (IT), Delhi government.

The case came up for hearing on July 9, and as counsel for the respondents had sought time, the adjudicating officer adjourned it to August 13.

According to Agarwal, Antares approached C1 for a tie-up and offered to demonstrate its product. It negotiated with C1 for a possible tie-up, which did not materialize.

"We asked Antares to send its official for the demonstration of its software. The company, however, told us to visit its test site and see the software for ourselves. Now, it is accusing us that since we saw its test site, we copied its software. This is an unrealistic accusation to make," Agarwal alleged.

Antares' senior vice-president R Kamath told a news conference in Bangalore on July 11 that his company had also charged the respondents with, among others, developing their own e-tendering solution by copying the essential features of the company's product, Tenderwizard.

Kamath also claimed that Antares shared the user ID and password of Tenderwizard with C1 for online evaluation, but the latter, after the successful bid, 'dumped' the company.

Denying the charge, Agarwal said his technical team had confirmed that the password, which was supplied by Antares, never worked.

"Even if we have visited the site, nobody can copy the software by visiting the test site," Agarwal said.

Elaborating the company's stand on the case, Agarwal said that any software would be made of three components:

* Look and feel of software: This includes the formats in which one can see the software. And in C1's case, this has been completely governed by the Andhra Pradesh government. Every department gives its own look and feel requirements.
* Process: This includes defining the workflow and the level of authorities that each department can give to each individual in the department. Again, this has been completely governed by the Andhra government. Every department gives its own process requirements.
* Technical architecture: This is the technology C1 uses. While Antares uses Oracle and Java, C1 uses Microsoft.

"So where is the question of copying the software? We represent Commerce 1 in India, and if at all we will be influenced, we will be influenced by Commerce 1, and not from a company like Antares," Agarwal stated.

"Any company would be crazy if it attempts to first copy the software in Java and then convert it into Microsoft platform," he said.

Earlier, Antares had claimed that the respondents collaborated with the company to jointly bid as a consortium for the e-procurement initiative of the Andhra Pradesh government in September last.

Antares, however, claimed that C1, as the lead bidder, executed the agreement with the Andhra Pradesh government for the deployment of the project without its knowledge and consent.

The project, valued at Rs 8 crore (Rs 80 million), consisted of an e-procurement component and an e-tendering component.

Antares also accused C1 of having downloaded and/or copied as also extracted data and information from its computer system or network.

The company said complaints to the Andhra Pradesh government did not elicit any response so far.

Antares files case against Andhra government

In a related development, Antares filed a case against the Andhra Pradesh government in the Delhi high court on the e-governance project, which was executed by C1 without its involvement.

According to Kamath, the case came up for hearing before the high court on July 21. When the counsel for C1 and the Andhra Pradesh government sought time to file their written statement, the court directed them to file them within one week.

"The matter has been adjourned to August 13 for arguments on injunction application," Kamath told rediff.com in Bangalore on Friday.

CIBIL unmasked (IMPORTANT POST)

Credit Card Issuers in India are scrambling to obtain consent from their card holders to disclose information to third parties such as credit information bureaus like CIBIL. Now that Sarbajit Roy's HACKING COMPLAINT has speedily ensured that the "Credit Information Companies (Regulation) Act 2004" has been duly legislated, it is important for consumers to understand how to safeguard their privacy under this law. Protect your rights and learn to stand up against CIBIL and the Government.

  • Immediately send a written communication by REGISTERED POST / SPEEDPOST to all Banks and other Financial Institutions you have borrowed monies from.

  • Inform the Bank that, with the Credit Information Companies (Regulation) Act 2004 shortly becoming law, disclosure of "Credit Information" by the Bank/FI to any agency outside the Bank is impermissible without the specific consent of the borrower. Furthermore, that the said Act is for defaults of new debts and does not apply to old contracts where specific consent has not been granted.

  • Inform the Bank that you have never given specific consent to the Bank in the format laid down by the Reserve Bank of India permitting disclosure of credit information. (I cannot disclose the format given to the Banks by RBI, because I obtained these from CIBIL during the course of my Hacking Complaint. However, it is extremely unlikely that your Bank had obtained your consent in RBI's specific format - since only 10 insignificant Banks had done so).

  • Inform the Bank that you consider your Right to Privacy to be an over-riding Constitutional Fundamental Right which cannot be taken and/or signed away by any contract or agreement between yourself and the Bank.

  • Inform the Bank that any contract / agreement between yourself and the Bank (entered into prior to the passage of the Credit Information Regulation Act), continues to be governed by the Banking Secrecy Laws of India. Furthermore that all information and particulars "entrusted" to the Bank by you concerning the contract are Confidential and absolutely governed by the Laws of India only.

  • Inform the Bank that you are hereby specifically withdrawing all consents (implicit and/or explicit), if any, that the Bank would consider as permitting disclosure of any particulars concerning yourself and/or capable of identifying you to anyone other than an officer of the Bank.

  • Inform the Bank that you call upon them to immediately withdraw all information they may have circulated and/or published concerning yourself to any third party including a credit bureau. Furthermore, that you call upon the Bank to inform you within 3 weeks that they have done so.

  • Inform the Bank that should they violate your Fundamental Right to Privacy, by disclosing any particular(s) capable of identifying you in any way whatsoever to any 3rd person including a credit bureau, that you will proceed against them and their officers jointly or severally as appropriate, including for criminal breach of trust.

  • Send a copy of the letter by SpeedPost to CIBIL. The address of CIBIL is contained in the Hacking Complaint. Search this website for the link to it. Inform CIBIL that there is no specific consent from you which would permit CIBIL to publish / circulate any information concerning yourself.

    Having said all this, let's read what Harjeet Ahluwalia has to say about this in "The Pioneer" newspaper of Delhi on 30 May 2005.


    Borrower under the scanner

    Harjeet Ahluwalia

    It looked no different than other promotional mailers, but this Citibank communication actually was. Quite late in the day, but it listed important terms and conditions regarding card fees, charges, dispute and defaults and, more importantly, it also described "disclosure":

    "As per extant business practices", the bank was authorised to share member information with any existing or future credit bureaux, and this sharing of "positive or negative performance/default" would be done without notice to the card-holder.

    All borrowers may not be fully aware of this, but dossiers are quietly being readied on an increasingly large number of loanees, but only of their borrowing records. For, creditor data is being shared with the Credit Information Bureau of India Ltd (Cibil). The fee-based information exchange mechanism for banks and financial institutions is also expected to help customers get better credit terms based on their borrowing track record.

    It compiles a credit information report (CIR) of a borrower's payment history from data supplied by different credit grantors to help them make more informed lending decisions. Different lenders may use a CIR differently, or take into account other factors when assessing an application. One bank may deny credit, while another could take a different view and accept the proposal, according to Cibil.

    Cibil and the norms governing it have been around for a few years now, but earlier only defaults above Rs 1 crore and suit-filed accounts came under its ambit. It is only of late that banks are routing wider borrower data to it as their networking systems master stacks of manually recorded information.

    Since the Reserve Bank guidelines for information-sharing are relatively recent, the more conservative public sector banks (PSBs) are still busy collecting mandates from long-standing borrowers (even the ones with a good repayment record) in order to avoid legal tangles. The more adventurous ones say they do not see the need for explicit consent, since it can hurt only defaulters and anyway data-sharing is now a regulatory requirement. However, all loans are now processed with the new rule incorporated at the application stage itself.

    Where does this leave customers? More wary, perhaps, of defaulting and somewhat apprehensive of their borrowal records coming into the public domain. Yet, the larger picture suggests that individuals and commercial entities alike who recklessly resort to credit from uninformed, and therefore unsuspecting, lenders may be deterred to a large extent and prospects of more non-performing assets piling up would diminish.

  • Credit Cards still unregulated

    Boom time for credit card biz
    PRABHAKAR SINHA

    TIMES NEWS NETWORK[ SATURDAY, MAY 28, 2005 10:45:52 PM ]

    NEW DELHI: The credit card industry in India has never had it so good. In its 15 years of doing business in this country, it had issued 2.69 crore cards till December 2003. And now in just one year, 2004, that figure skyrocketed to 4.33 crore.

    The rise is visible also in the number of transactions using cards and their value. From 14.57 crore transactions in 2002-03, the number rose to 21.19 crore in just the first nine months of 2004-05. The amount involved in these transactions also shot up from Rs 26,951 crore to Rs 44,737 crore.

    Behind the story of this dizzy growth is a tale of aggressive marketing, tall promises and a tribe of outsourced marketers called direct selling agents (DSAs). This is the tribe that's on your phone virtually every day, urging you to buy this card or the other, indeed, often promising the moon and, not surprisingly, failing to deliver.

    The DSAs and their activities have already reached the court of the Reserve Bank of India. The RBI recently set up a working group to recommend corrective measures whose suggestions include setting up of a regulatory mechanism.

    However, bankers and consumer rights protection activists feel these steps will not be sufficiently fail-safe.

    Banking sources say banks are growing rapidly and these problems are merely teething troubles. To achieve fast growth, most banks, particularly foreign and private banks, hire DSAs to sell credit cards and collect dues, they point out.

    Bankers say there is a disconnect at the cultural level between card issuing banks, particularly private and foreign ones, and the DSAs they employ. In order to achieve targets, DSAs adopt dubious practices like promising more than what banks have asked them to do.

    It is not that banks are unaware of this. But competition is furious, and in their zeal to grow, banks tend to wink at erring DSAs.

    The DSAs, representing Citibank, Standard Chartered, ABN Amro, ICICI and HDFC, among other banks, tend to offer various freebies and benefits, such as no annual fee and low interest rates (in the range of 1.40 per cent per month), to sell their cards. They sweet-talk and say that these special privileges are being given because of your track record of not defaulting with other card-issuing banks.

    But there's invariably a catch. Take for example, the promised waiver of annual fee. Often the promise is broken and the sheer pain of going after the defaulting DSA is such that you give in and pay the fee.

    Or take the promise of low interest rates. The fine-print in the contract that you sign says that in case of delayed payment, the interest rate will be jacked up to 2.5 per cent per month. And many a time, either customers receive their bills late or cheques are credited late by the card-issuing bank, but the blame is put on customers and their interest rates are increased.

    The RBI working group has suggested that a banking ombudsman be empowered to arbitrate in credit card disputes between cardholders and card-issuing banks. But bankers aren't playing ball; they argue that the relationship between the two is governed by a contract that is signed by the customer.

    Card issuers, of course, deny the allegation that they or their DSAs are reneging on promises made to customers. Citibank business manager (cards) TR Ramachandran said the bank advises customers to spend within their means and maintain a perfect track record in payments.

    Stanchart MD Neel Chatterjee also denied that the bank broke its promises. He said there could be some individual cases, but even these had been addressed as soon as possible.

    VP, South Asia, of Master Card, Nitin Gupta, said that there are issues on redressal of the customer grievances which banks need to address. He said that there was a sense of urgency among card issuing banks to bring in self-regulation and complete transparency in the business.

    The Consumer Education and Research Society (CERS) of Manubhai Shah is clearly not impressed by these attempts at self-regulation. It has demanded new legislation to contain the malpractices in the card business.

    Bankers suggest that the regulator should bring in a provision of imposing fine on erring banks. In fact, the working group has also recommended that if a bank issued an unsolicited card and billed the recipient for the same, the bank should pay double the value of the bill as penalty to the recipient. The official said that similar provisions should be made for other violations also.

    RBI admits credit card problems

    RBI mulls guidelines on outsourcing of banking activity
    Mumbai, May 29: Reserve Bank of India is considering issuing guidelines on outsourcing of banking activities to improve regulatory oversight for risk management of this segment.

    The central bank was internally discussing regulatory guidelines on outsourcing, RBI Deputy Governor Shyamala Gopinath told reporters today on the sidelines of a seminar on retail banking organised by Indian Banks' Association here.

    Commercial banks are resorting to outsourcing to reduce costs and increase efficiency. This has potential to transfer to third party which is outside regulator's ambit, she said.

    The banks should be careful about outsourcing activities which are critical to banking operations, she said.

    Referring to services to the retail customers, RBI Deputy Governor said the focus should not be just on the lending activity but also on the concern of depositors and provide facilities to customers who do not want Internet banking but are comfortable with branch banking.

    The retail home loan lending has grown considerably. The non-performing assets of this segment are small yet as a matter of caution, RBI has raised risk weightage for home loans, she said adding as a matter of prudence, bank should carry out stress testing of balance sheet for movement in real estate prices.

    On the credit cards, she said RBI has been receiving a number of complaints regarding various undesirable practices by credit card issuing institutions and their agents.

    The RBI was considering to bring credit card disputes within the ambit of the banking ombudsman scheme.

    CIBIL and privacy laws

    The small borrower too has rights
    Niranjan Krishnan / New Delhi May 30, 2005
    Credit information bills abroad enforce the rights of users as well — the one just passed by our Parliament doesn't

    The passing of the Credit Information Companies (Regulation) Bill by the Rajya Sabha this May heralds the birth of a new era for the lending business in India and also rings the death knell for personal privacy in the country.

    The bill that was passed without much murmur formalises and legitimises the credit data-sharing efforts already under way with the establishment of Credit Information Bureau (India) Ltd, (Cibil). The bill makes it mandatory for every credit-providing institution in the country to report to at least one credit information company such as Cibil about personal information on borrowers and their transactions including, but not limited to the amount, repayment history and default status.

    The far-reaching bill spans across a wide array of secured and unsecured credit schemes including personal, home and vehicle loans, leasing and hire purchases, credit cards, bank guarantees and letters of credit. It just stops short of mentioning pawn-broking.

    The primary objective of the bill is to reduce the non-performing assets (NPAs) of banks and other institutional lenders in the country by facilitating better credit risk management.

    The modus operandi will be roughly like this: when a customer gives an application, say, for a vehicle loan, comprehensive information on every form of liability the person has, will be electronically acquired by the creditor from the credit information companies that house that information.

    All that information will be fed into a mathematical model and a risk score indicating the creditworthiness of the customer will be developed. The risk score will then become the basis for deciding whether to sanction the loan, for what amount and the interest rate.

    The idea of lenders sharing consumer credit information via credit data-providers is no doubt an American import into India. Uncle Sam’s fingerprints are apparent in the establishment of Cibil, which is a joint venture spearheaded by the State Bank of India and HDFC, in partnership with Dun & Bradstreet and TransUnion — two leading credit bureaus in the US.

    We can soon expect to see other major American credit data vendors such as Experian and Equifax scroll up their shop shutters in the Indian credit supermarket.

    While no one can dispute the business merits of having organised central repositories of consumer credit information, the Credit Information Bill passed by the Parliament does not appear fully buttoned down to ensure equity among all stakeholders involved. The bill, with its heavy emphasis on the lenders’ side of things, raises a few issues and concerns from the perspective of borrowers and consumers at large.

    First and foremost, credit information sharing itself will not be a panacea for reducing NPAs in India since the Indian lending landscape has got its own set of idiosyncrasies. A sizeable chunk of NPAs in India stems from devious liability structures in credit transactions and political interference in the lenders’ loan approval and recovery process.

    Anecdotal evidence suggests that individuals with a social, political or celebrity status siphon off funds borrowed via a company or a web of companies with a purposefully perplexing ownership structure, and have a free ride by exploiting the loopholes and lethargy in our legal system. The same holds for use of political pressure that restrains banks and takes the teeth out of their actions on wilful defaulters.

    One would also expect an exhibition of the “Pareto principle” in NPAs, that is, the prevalence of a big bulk of NPAs originating from a thin sliver of wilful defaulters so that taking action on a small slice of big-fish defaulters, as opposed to a sizeable shoal of minnows, could drastically lower NPAs. That way we will have fewer farmers unable to repay seed-loans and committing suicide, while deadbeat defaulters walk scot-free, with the booty bulging in their coat pockets.

    In the US, from where this idea is borrowed, credit data sharing is supported by a fairly robust regulatory framework that, in addition to enabling lenders to limit loss write-offs, also protects the interests of good-faith seekers of credit, defaulters under genuine hardship, and the consumers at large.

    Acts such as the Fair Credit Reporting Act, Equal Credit Opportunity Act and the Truth in Lending Act lay down in great detail the rules for the use of consumer credit information at each and every stage in the credit lifecycle, including lender solicitation, borrower’s credit request, underwriting, account monitoring, dunning, collection, loss write-off, bankruptcies and post-loss recovery.

    There are provisions in the American credit laws that require lenders to make certain mandatory disclosures in acceptable verbiage, informing consumers of their rights each time an unfavourable action is taken based on derogatory information in their credit reports.

    The laws explicitly forbid the use of factors such as age, gender, race, exact geographic location in the credit scoring models to prevent discrimination. Consumers are also allowed the right to make their credit file inaccessible to lenders making unsolicited offers and opt out of marketing campaigns via different channels like mass mailing, telephone and so on.

    Most importantly, credit bureaus, lenders and the government play an active and visible role in consumer education to keep the public better informed about how their personal data are used and what rights they have by law.

    It will be interesting and important to see what legislative support the Indian credit consumers get in return for the mandatory intrusion into their privacy, as imposed by the Credit Information Companies (Regulation) Bill.

    # How are Indian consumers protected from misleading information provided by lenders before approvals and deceptive interest assessments and hidden costs, often bordering on usury, which follow post-approval?

    # How will the government actively facilitate appropriate action on wilful and skilful defaulters, such as those mentioned earlier, so that the good-credit customers and taxpayers need not shoulder the burden of their misappropriation?

    # What is the legal responsibility of credit bureaus, lenders and the government in informing and educating the consumers about how their personal information is used and what rights they have, and in general, in hand-holding the uninitiated consumers navigating the new waters?

    # How will lenders be proactively restrained from harassing borrowers and adopting extreme measures that have ranged from hiring goons for collections to gouging out kidneys?

    # As such, good-credit consumers are victims of aggressive marketing campaigns by credit institutions. Once their creditworthiness becomes electronically available to all lenders in the country, one can imagine those consumers facing an onslaught of telemarketing calls and a barrage of unwanted loan offers. How can consumers opt out of solicitations based on their credit file, especially to enable working people to get that extra hour of sleep on weekends, or for retired people to have an uninterrupted nap in the afternoons?

    These are only some of the many issues that need to be addressed satisfactorily to ensure fairness and equity among all stakeholders affected by the advent of the credit information bill.

    Otherwise, this bill, with an almost unifocal emphasis on lenders’ NPAs, runs the risk of creating a lopsided scenario in the country and trampling further upon the already abused lot — the naïve bona fide individual consumers.

    The author is a specialist in risk management

    Need for an effective privacy policy
    SUCHETA DALAL
    Posted online: Monday, May 30, 2005 at 0156 hours IST

    Sucheta Dalal: A natural corollary to the issue of data and databases that we have discussed here over the last two weeks is the question of privacy. For instance, what is the answer to a reader’s simple query: ‘‘Is the personal data on individuals/corporates safe from unscrupulous elements? What is the privacy policy? Can database agencies be sued if they are hacked and the data misused?’’

    Although the right to privacy is enshrined under Article 21 of the Constitution, enforcing this right through consumer action and compensation are tricky issues because the legal process is slow and expensive and the judiciary is niggardly about granting punitive damages. We have already learnt to live with the consequences of stolen data. How else are our mobile phone numbers and addresses available to a variety of marketing companies? But a clear privacy policy becomes extremely vital at a time when the Securities and Exchange Board of India (SEBI) has already kicked off the controversial Market Participants Database (MAPIN) and is now in the process of reviewing it after widespread investor anger.

    How important is data privacy and the need for a clearly articulated and legislated privacy policy? I spoke to a few experts in the Information Technology (IT) and security industry and found that there is considerable concern among leaders about the security of personal information that is being collated by MAPIN, Cibil (Credit Information Bureau of India Ltd) and the Income Tax department as Permanent Account Numbers (PAN) and the Tax Information Network (TIN). Today, in the absence of clear legislation, there is nothing to prevent personal information from being shared across the board with anybody. Organisations may claim to have an internal privacy policy, but in the absence of clear legislation, they don’t come under any legal obligation.

    Nasscom President Kiran Karnik says, ‘‘Personally, I feel deeply concerned about the obsession we have with ‘security’ (and I am not talking of data security), which seems to provide a cover-all for anything and everything. It seems to permit the government and its multiple security agencies to do anything from tapping telephones to intercepting mail to seeking identity and sites accessed by cyber cafe users. Sadly, the ‘intelligentsia’ is not bothered: this is, after all, ‘other people’s’ problem.’’

    Sunil Mehta, Vice-President of Nasscom says, ‘‘As Internet penetration in India increases, e-governance initiatives grow in reach and more and more ‘personal identifiable information (PII)’ becomes digitised, many of us are increasingly concerned about privacy and security breaches. I really believe there should be a genuine public debate in this country among all stakeholders around the kind of privacy laws that we, as citizens, really need.’’

    Nandkumar Sarvade, DCP police and IIT engineer, who is currently on deputation with Nasscom (National Association of Software Companies) says, ‘‘the growth of databases is inevitable, since government itself needs large databases, such as a list of all the citizens, voters, tax payers, vehicle owners, drivers, property owners and so on.’’

    ‘‘Since information infrastructure is increasingly being controlled by private players, without a legal framework, profit maximisation would remain the primary purpose resulting in exploitation and resale of databases. A legal framework would therefore be required to lay down the rules, within which legitimate data aggregation can be practised.’’

    Most experts believe that a Self Regulatory Organisation (SRO) is a good start. But Sunil Mehta insists, the ‘‘SROs would have to be carefully designed to give it some real powers to create a code of ethics (and adherence to security standards, self-certified audits, third-party audits), create capacity by training key officials in member companies, investigate and adjudicate breaches and expel members who fail to correct behavioural lapses.’’ This has to be backed by ‘‘a legal framework, which can be triggered off by the SRO in case all else fails.’’

    The controversy over biometric identification that is being discussed by a SEBI committee in connection with MAPIN makes the issue of security and efficacy of databases even more relevant.

    Sarvade quotes a chilling passage from Simson Garfinkel’s book on databases and privacy, (‘Database Nation: The Death of Privacy in 21st Century’) with specific reference to biometric identification. It says, ‘‘Biometrics are a powerful means to ascertain somebody’s identity, but only for the person or the machine that actually does the measuring. Once a biometric is stored inside a computer, all of the security provided by biometric identification is lost. A stored biometric could easily have been copied from another computer, rather than being directly measured. This is a critical distinction to understand when using biometrics. It is a distinction that is so subtle that it frequently is overlooked by the people implementing and using biometrics-based systems.’’

    The direct consequence of copying biometric identification is its misuse with nightmarish consequences for the victim. For instance, the misuse of a credit card only causes monetary losses (which can sometimes have extreme consequences), but the misuse of biometric could falsely implicate a person in criminal activity, which would be impossible to disprove.

    Prakash Hebalkar, a leading IT expert, has long been concerned with the issue of Identity Theft. He first raised it in 2002 in connection with the PAN database. He wrote: ‘‘Can you imagine trying to prove to the Income Tax authorities that it was not you who asked for that demand draft payable to the cross-border terrorist, despite your PAN being misused on the draft application to the bank? Or that you did not buy that SIM card for the mobile phone that was used to make extortionist calls? The list could go on ad infinitum, limited only by one’s imagination.’’

    Hebalkar believes that Indian criminal law must introduce provisions similar to the US statute, which provides for imprisonment for 20 to 25 years and forfeiture of property for identity thefts. Instead, the fine for a misstatement or misuse of the PAN today is a paltry Rs 10,000.

    Interestingly, many experts still believe that our current legal framework, if well enforced, is adequate to address violations of personal privacy. To my mind, the current legal framework is rendered ineffective because of the slow legal process and paltry punishments. It is only when there is adequate debate and discussion on privacy issues that the government will recognise the need for an effective legislative framework to protect individual privacy.

    suchetadalal@yahoo.com

    Inadequate cyber security in India

    Inadequate cyber laws hurting Indian firms

    Press Trust of India

    New Delhi, May 25, 2005

    The burgeoning outsourcing business in India is not restricted to call centres anymore with data processing units coming up in large numbers but absence of proper data security and cyber laws is hampering their business prospects, say experts.

    Security of information is a major concern for companies outsourcing their jobs and they are insisting on BPOs to get certified under international certification standards such as BS 7799, SAS 70, HIPAA standards because compared to the laws in US and UK the Indian IT Act 2000 offers woefully inadequate protection, says Mandeep Garewal, Director Force Tech Security, a consultant to BPOs on data security related matters.

    An estimated 20 per cent more work would have come India's way if a data protection law was in place, says Garewal.

    Given that the BPO industry had a turnover of $3.6 billion in 2003-04, that translates into business worth about $720 million. "About $1 billion worth of more BPO work would have come here if stringent security norms and suitable laws were in place in India," says Garewal.

    Because of ongoing concerns on security, it has become a critical bugaboo and companies look for providing limited access to their applications thus minimising the scope of misuse, says Alok Shinde, Director of Information Communication and Technology Practice, Frost and Sullivan, market consultants on emerging high-technology.

    "They have a clause in the selection process (RFP) that makes it mandatory for BPOs to have security certifications such as BS 7799 before they can bid. And they also ensure that BPOs in India are conducting security audit and penetration testing to ensure compliance," says Shinde.

    Companies would also be taking up the issue in a big way at the forthcoming Communic Asia conference in Singapore next month.

    Companies outsource services such as health, land records, which are important data and therefore they maintain stringent security specifications which are based on requirements of their own onshore compliances to various laws, says Garewal.

    Though BPO firms have addressed their client concerns by investing in security equipment and following procedures and practices that ensure internal security, experts feel that absence of proper data security and cyber laws in India is hurting the industry most.

    The Indian regulatory environment is covered by laws such as the IT Act 2000, the Indian Copyright Act, and the Indian Contract Act 1972, to safeguard the interests of companies off-shoring work.

    "Owing to the rapid evolution of the security threats, law makers have a challenge to ensure that laws evolve so as to remain relevant with the changing security landscape and also avoid wide sweeping interpretation that may be subject to misuse," says Shinde.

    National Association of Software and Service Companies (NASSCOM), the premier trade body of the IT software and services industry in India has suggested changes to the Indian IT Act 2000, to conform to legal provisions in the US.

    "These changes in law relate to tampering with electronic records, unauthorised access of computer systems, hacking, disclosure and dissemination of privileged information and rights that employees may have within an organisation," says Garewal.

    More importantly, it is critical to train enforcers like the police force in the intricacies of security since that's an area that has been found to be most wanting, says Shinde.

    More fake BPO data entry scams

    Fly-by-night BPO cos dupe investors
    SHABANA HUSSAIN Monday, May 30, 2005 at 0039 hours IST

    CHENNAI: After fraud cases involving fly-by-night non-banking financial companies (NBFCs), now it’s the turn of fake BPO firms to dupe investors.

    It is not surprising that fraudsters are taking advantage of the BPO industry’s success to make quick money. Consider this. Recently, a company called Salient Online Solutions Pvt Ltd, posing as a Chennai-based BPO firm, duped hundreds of investors. The company managed to convince many that it was running a BPO concern with clients in the UK. The company enrolled employees in a pyramid scheme, under which a person who registered for Rs 3,000 was paid Rs 2,000 for every additional enrollment.

    Industry players have expressed shock over this incident and many believe that this is the first of its kind. Says Ranjit Pisharoty, senior vice president, Lason India: “There have been instances of people posing as agents, promising large contracts. But this is the first time that a BPO company has cheated investors of their money. It is a shocking incident, however, this incident only reflects the popularity of the industry. This is a sunshine industry and everyone naturally wants to be a part of it.”

    Lonnie Sapp, chief operating officer, Office Tiger, agrees that the scam reflects the success of the industry. “The incident is a mark of success for the industry. The industry has become so lucrative that everyone wants a share of the pie. It is apparent that the investors were impressed by the success of the industry and wanted to make some quick money by investing in a company which promised them gains,” he says.

    Sreeram Iyer, Scope International, head, Global Shared Services centre, says that any promising industry faces the problem of fraudulent operators. “Fraudsters will find a way to make money out of any industry. This time around, they have chosen the BPO industry which has been on an upswing for the last few years.”

    Industry watchers say that though the scam reflects the popularity of the industry, the incident has also revealed the ignorance of the public about the industry. “No BPO company offers a pyramid scheme. The scam would not have been successful, had investors been aware of this fact,” says Mr Pisharoty.

    The scam comes close on the heels of the Mphasis-Citibank fraud. So, is fraud becoming a menace for the BPO sector?

    Expel rude BPO clients from India

    Indian call centre workers face racial abuse, quit

    London, May 29 2005

    Alleged racial abuse and rude behaviour from British and American customers are driving an increasing number of Indian call centre workers to quit their jobs, a media report indicated today.

    Irate customers and their “racial abuses” were factors contributing to the stress and strain in the call centre industry and some organisations have begun employing psychiatrists and counsellors to help their employees to cope, according to a report in The Observer.

    “I’ve had people tell me, ‘Back off ... and don’t call me again’,” said Eugene, 27, whose former employer, Spectrumind, provided an accounts service for BT. “There was a lot of racist abuse once people detected from our accents that we weren’t English. I saw girls reduced to tears by it.”

    Pooja Chopra, 29, from Delhi, who spent two years fielding calls for BT Cellnet and America Online, faced similar abuse. “People would say ... I don’t want to talk to you, pass me to someone who can speak my language.”

    Workers face a spectrum of rudeness, from sexual harassment to fury at unsolicited sales calls, to “open racism”, the report said.

    Industry analysts have seen the phenomenon of “racist” clients grow in recent years, as customers in the UK and the US become increasingly sensitive to the political issue of jobs outsourced to India, it said.

    According to the report, there are no unions yet to represent the 350,000 workers in the Indian call centre business, but unionist Gautam Mody, who is trying to launch the first call centre workers’ collective, said this was a problem that needed to be addressed urgently abroad.

    “Some workers are deeply hurt by this abuse. The issue of xenophobia cannot be resolved from India-end: there must be a battle against it in the countries responsible.”

    The report quoted Anita Bhuttar, training vice-president of GTL, a Mumbai-based company, as saying that “British customers can be very rude but in a polite way. Usually they won’t use abusive language but you can tell from the tone of their voice they’re angry.” — PTI